Use POST?
On Wed, 2003-01-29 at 14:51, Roy Wood wrote:
> I don't know if this is more of a TomCat problem or an Axis problem, but
> here goes.
>
> I've set up TomCat to do digest authentication for my Axis service, and
> that is working fine. For example, if I protect all of the axis realm,
> then I need to supply a userid and password to even see axis/index.html
> or axis/happyaxis.jsp, and it works fine.
>
> Unfortunately, when I try to access my actual service, I get the
> following response:
>
> <h1>RoysSOAPService</h1>
> <p>Hi there, this is an AXIS service!</p>
> <i>Perhaps there will be a form for invoking the service here...</i>
>
>
> With authentication disabled, everything is perfect. It's just when I
> enable authentication that I am prevented from accessing the service.
>
> I am calling this from a non-Java client, and am actually building the
> headers by hand (don't ask-- it's a legacy product), and am thus very
> aware of everything going on during the transaction. With
> digest-authentication enabled, I know that I get an initial 401 response
> from Tomcat, to which I reply with all the proper stuff in the
> "Authorization:" header line of the subsequent request I send.
>
> One thing I notice is that if I use "PUT" as the HTTP method when I am
> calculating the MD5 hash response, Tomcat refuses to authenticate me.
> If, however, I use "GET" as my HTTP method when calculating the hash,
> Tomcat accepts the results. Note that in both cases, I really am doing
> an HTTP "PUT" in order to call the SOAP service!
>
> I suspect that the abovementioned oddity is the source of the problem,
> since the response get from Axis looks like a default response to a GET
> request.
>
>
> Anyone have any bright ideas?
>
>
> -Roy
>
>
>
>
> "Disclaimer The opinions expressed in this message are strictly
> personal and do not necessarily reflect those of FiLogix."
>